17 Сентябрь 2003 11:27, Greg Matthews написал:
> Actually this doesn't appear to be true. Did I imagine it or has this
> changed?
>
> Anyway, a valid tls_cacert option in the *correct* ldap.conf (e.g.
> /etc/openldap/ldap.conf or /usr/local/etc/openldap/ldap.conf) works with
> the -ZZ option to the client tools.
1.Some clients need ldap.conf in /etc, at list in RH, so it's better to add
ln -s /etc/openldap/ldap.conf /etc/
2. Actually, it's do not necessary to use -ZZ, -Z is enough and client
behavior will depend on slapd configuration.
>
> GREG
>
> On Tue, 2003-09-16 at 16:37, Greg Matthews wrote:
> > In order to use the ldapclient tools with -ZZ option to force encryption
> > you must have the following in ~/.ldaprc
> > tls_cacert /path/to/cacert.pem
> > having it in ldap.conf is not correct for these tools.
> >
> > GREG